- Why is that bad? I have no objection to giving vendors a reasonable
- amount of time to fix problems before announcing the whole.
- Or is your
- point that two days hardly seems like enough time to develop -- and
- *test* -- a fix?
HMMM,
If I was a real hacker, and I found the problem,
On Fri, 2004-02-06 at 09:43, McBurnett, Jim wrote:
If I was a real hacker, and I found the problem, might I also know the fix?
And if I was really nice, would I give that fix to the vendor?
Or could it be that a former Checkpoint employee is now an ISS employee?
Or .?
In my experience,
to Protect
http://www.iss.net
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Steven M. Bellovin
Sent: Thursday, February 05, 2004 2:56 PM
To: Rubens Kuhl Jr.
Cc: [EMAIL PROTECTED]
Subject: Re: ISS X-Force Security Advisories on Checkpoint Firewall-1
and VPN-1
Dan == Ingevaldson, Dan (ISS Atlanta) [EMAIL PROTECTED] writes:
Dan http://xforce.iss.net/xforce/alerts/id/162
Dan http://xforce.iss.net/xforce/alerts/id/163
You know, I'm quite allergic to that word checkpoint. Perhaps I'm
completely wrong here, but ..
Might be a good idea to deploy
not that I'm a fan of any firewall product in particular, but...
On Thu, 5 Feb 2004, Suresh Ramasubramanian wrote:
Dan == Ingevaldson, Dan (ISS Atlanta) [EMAIL PROTECTED] writes:
Dan http://xforce.iss.net/xforce/alerts/id/162
Dan http://xforce.iss.net/xforce/alerts/id/163
You
Christopher L. Morrow [2/5/2004 10:45 PM] :
Sure, anything is dangerous in the 'right' (wrong?) hands. Is the fault
with the vendor or the person(s) implementing or the 'management' of said
person(s)? Even an openbsd firewall is a problem if not properly admin'd.
of course, but you do have to
Ramasubramanian [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 05, 2004 8:56 AM
Subject: Re: ISS X-Force Security Advisories on Checkpoint Firewall-1 and
VPN-1
Dan == Ingevaldson, Dan (ISS Atlanta) [EMAIL PROTECTED] writes:
Dan http://xforce.iss.net/xforce/alerts/id/162
Alexei Roudnev wrote:
Checkpoint is a very strange brand. On the one hand, it is _well known
brand_, _many awards_, _editors choice_, etc etc. I know network consultant,
who installed few hundred of them, and it works.
On the other hand, every time, when I have a deal with these beasts (we do
not
again, not that I care about the vendor in question.. BUT
On Thu, 5 Feb 2004, Alexei Roudnev wrote:
Checkpoint is a very strange brand. On the one hand, it is _well known
brand_, _many awards_, _editors choice_, etc etc. I know network consultant,
who installed few hundred of them, and it
At 08:56 AM 2/5/2004, Suresh Ramasubramanian wrote:
Is there some really good network security for dummies book that I
can point such people at?
A social approach is often more effective than the technical approach
i.e. it is often easier to hack into a secured system via social
hacking. In a
Martin Hepworth wrote:
Alexei Roudnev wrote:
Checkpoint is a very strange brand. On the one hand, it is _well known
brand_, _many awards_, _editors choice_, etc etc. I know network
consultant,
who installed few hundred of them, and it works.
On the other hand, every time, when I have a deal
Is it still very counter intuitive to set up a PIX to _not_
do the eevul NAT? Is the PIX no longer PeeCee hardware underneath
(I know they got rid of the HDD) so not as to bring NOs down to the
level of the great unwashed throngs of desktop users?
Of course, PIX is still a CISCO - this
On PIX'en and FWSM it is very easy to disable the evil NAT all you
need is to enter the nat 0 command in global configuration mode. This
allows the PIX to pass addresses untranslated.
The Pixen are still based on intel hardware but to the best of my
knowledge they have never had a HDD and I
PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 05, 2004 1:32 AM
Subject: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
Nanog-
ISS X-Force released two X-Force Security Advisories this evening
detailing high-risk issues in Checkpoint Firewall-1 and VPN-1. Please
/vulnerability_guidelines.pdf
- Original Message -
From: Ingevaldson, Dan (ISS Atlanta) [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, February 05, 2004 1:32 AM
Subject: ISS X-Force Security Advisories on Checkpoint Firewall-1 and VPN-1
Nanog-
ISS X-Force released two X-Force Security
In message [EMAIL PROTECTED], Rubens Kuhl Jr. writes:
Isn't it curious that two unrelated issues have been reported to CheckPoint
at the same day and the patches came out on the same day ?
Am I too paranoid, or it seems that CheckPoint had previous knowledge of the
bugs and they agreed with
My point is that it is very unlikely that both bugs had been discovered by ISS
within the same time frame. Two days is also little time to develop and
test, which raises the suspicion on this issue.
I'm not against notification before disclosure, but it seems that the dates
on this announcement
On Thu, 05 Feb 2004 14:56:13 EST, Steven M. Bellovin said:
Why is that bad? I have no objection to giving vendors a reasonable
amount of time to fix problems before announcing the whole. Or is your
point that two days hardly seems like enough time to develop -- and
*test* -- a fix?
Two
Two days is plenty if it's a Homer Simpson-esque D'Oh! bug. Probably
not if it's something that requires some regression testing.
In the world of responsible release engineering, everything requires
regression testing.
Stephen
Two days is plenty if it's a Homer Simpson-esque D'Oh! bug. Probably
not if it's something that requires some regression testing.
my memory from some decades in software product world is that
*any* change requires regression testing, especially the quick
little, it won't affect anything,
On Thu, 05 Feb 2004 14:45:31 CST, Laurence F. Sheldon, Jr. [EMAIL PROTECTED] said:
[EMAIL PROTECTED] wrote:
Two days is plenty if it's a Homer Simpson-esque D'Oh! bug. Probably
not if it's something that requires some regression testing.
All bugs reduce to that, eventually, don't
Nanog-
ISS X-Force released two X-Force Security Advisories this evening
detailing high-risk issues in Checkpoint Firewall-1 and VPN-1. Please
refer to the following URLs for more information:
http://xforce.iss.net/xforce/alerts/id/162
http://xforce.iss.net/xforce/alerts/id/163